
Bug in Bash shell allows attackers to execute code on Linux, Unix and Mac OS X

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks.

The bug, discovered by Stephane Chazelas, is related to how Bash processes environment variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network-based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

Because of its wide distribution, the vulnerability could be critical, though it may not be nearly as dangerous. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. Patches have been issued by many of the major Linux distribution vendors for affected versions, including:

  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

A test on Mac OS X 10.9.4 (“Mavericks”) by Ars showed that it also has a vulnerable version of Bash. Apple has not yet patched Bash, though it just issued an update to “command line tools.”

While Bash is often thought of just as a local shell, it is also frequently used by Apache servers to execute CGI scripts for dynamic content (through mod_cgi and mod_cgid). A crafted web request targeting a vulnerable CGI application could launch code on the server. Similar attacks are possible via OpenSSH, which could allow even restricted secure shell sessions to bypass controls and execute code on the server. And a malicious DHCP server set up on a network or running as part of an “evil” wireless access point could execute code on some Linux systems using the Dynamic Host Configuration Protocol client (dhclient) when they connect.

Other services that run on Linux and Unix systems and similarly depend on Bash, such as the CUPS printing system, could also be vulnerable.

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test

The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case.
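A host can carry more than one copy of Bash, and a package update only replaces the packaged one, so it helps to run the test above against each binary and classify the result. The script below is an added example, not part of the original post; the function names and the list of paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example: run the article's test against specific bash binaries and
# turn the output into a verdict.

# classify_probe: read the probe's output on stdin and print a verdict.
# Whole-line matches are used so that the warning text printed by a patched
# bash is never mistaken for the word "vulnerable".
classify_probe() {
  local out
  out=$(cat)
  if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
    echo vulnerable
  elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
    echo not-vulnerable
  else
    echo inconclusive
  fi
}

# probe_bash: run the test command from this article against one binary.
probe_bash() {
  local shell_path=$1
  [ -x "$shell_path" ] || { echo missing; return 0; }
  env x='() { :;}; echo vulnerable' "$shell_path" -c 'echo this is a test' 2>&1 |
    classify_probe
}

# check_all: probe common install locations (this list is an assumption;
# extend it with any other copies found on the host).
check_all() {
  local p
  for p in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    [ -e "$p" ] && printf '%s %s\n' "$p" "$(probe_bash "$p")"
  done
  return 0
}

check_all
```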

 

Root Cause of this issue:

  • A flaw was found in the bash functionality that evaluates specially formatted environment variables passed to it from another environment.
    An attacker could use this feature to override or bypass restrictions to the environment to execute shell commands before restrictions have been applied. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
  • For more information about this vulnerability, refer to the following article:
    Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)

 

Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) (Source: Red Hat)

In order to avoid exploitation from CVE-2014-6271, ensure that your system is updated to at least the following versions of Bash.

RHSA-2014:1293

  • Red Hat Enterprise Linux 7 – bash-4.2.45-5.el7_0.2
  • Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1
  • Red Hat Enterprise Linux 5 – bash-3.2-33.el5.1

RHSA-2014:1294

  • Red Hat Enterprise Linux 4 Extended Lifecycle Support – bash-3.0-27.el4.2
  • Red Hat Enterprise Linux 5.6 Long Life – bash-3.2-24.el5_6.1
  • Red Hat Enterprise Linux 5.9 Extended Update Support – bash-3.2-32.el5_9.2
  • Red Hat Enterprise Linux 6.2 Advanced Update Support – bash-4.1.2-9.el6_2.1
  • Red Hat Enterprise Linux 6.4 Extended Update Support – bash-4.1.2-15.el6_4.1

RHSA-2014:1295

  • SJIS for Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1.sjis.1
  • SJIS for Red Hat Enterprise Linux 5 – bash-3.2-33.el5_11.1.sjis.1

To update to the most recent version of the Bash package, run the following command:

# yum update bash

To update to a particular version of Bash, specify the package name. For example, to update a Red Hat Enterprise Linux 6.5 system, run:

# yum update bash-4.1.2-15.el6_5.1

  • The only way to fix it is to install updated Bash packages.
  • The safest & simplest thing to do is to perform a system reboot.
  • Carry out the following operation if the system cannot be rebooted:

/sbin/ldconfig

Read more information on this @ redhat

Steps to configure Weblogic proxy plugin in IIS6.0

To configure the WebLogic proxy plugin in IIS 6.0, we mainly need two DLLs (iisforward.dll and iisproxy.dll) and iisproxy.ini in the same folder. Both DLLs are available in the WebLogic installation folder.

My environment details

Microsoft Windows Server 2003 (32-bit)
IIS6.0
Weblogic 10.3.6

In my setup, the DLLs for WL 10.3.6 were available in the following location: C:\Oracle\Middleware\wlserver_10.3\server\plugin\win\32

Copy iisforward.dll and iisproxy.dll to C:\Inetpub\wwwroot and create a file iisproxy.ini with the simple configuration below.

WebLogicHost=<Weblogic host>
WebLogicPort=7001
WlForwardPath=/
Debug=ALL
DebugConfigInfo=ON

More plugin parameters can be added based on your requirements; the parameter list can be found here:

http://docs.oracle.com/cd/E15051_01/wls/docs103/plugins/plugin_params.html

(Screenshots in the original post: the contents of the C:\Inetpub\wwwroot directory, and the site as it appears in IIS 6.0.)

I’m using Default website in this example.

Steps

  1. Start IIS, go to “Default Web Site”, right-click on it and select “Properties”, go to the “ISAPI Filters” tab and click on Add.
  2. Enter a name of your choice for the “Filter name”, e.g. forwarddll.
  3. Click on Browse, select “iisforward.dll”, and click on OK.
  4. Go to the Home Directory tab, select Configuration and select Add.
  5. Select Browse, then iisproxy.dll from the drop-down list, and for the extension use .wlforward
  6. Make sure “Verify that the file exists” (the last check box in that dialog) is not checked. Then click OK.
  7. Next go to Web Service Extensions and make sure that “All Unknown ISAPI Extensions” are allowed.

This completes the configuration.

Now you can access your WebLogic URL via the WLS IIS proxy.

For example, suppose your application was originally configured on WebLogic port 7001, like:
http://myhost.wlmachine.com:7001/sampleapp
It can now be accessed as:
http://myhost.wlmachine.com/sampleapp

Quest Visual is joining Google!

Quest Visual, the maker of the incredible Word Lens app, posted on its website that it has been acquired by Google.

 

Quotes from wordlens website

With Word Lens, we’ve seen the beginnings of what’s possible when we harness the power of mobile devices to “see the world in your language.”

By joining Google, we can incorporate Quest Visual’s technology into Google Translate’s broad language coverage and translation capabilities in the future.

As a thank you to everybody who supported us on our journey, we’ve made both the app and the language packs free to download for a limited time while we transition to Google.

We’re looking forward to continuing our work at Google – stay tuned!


How to enable telnet in a Linux server?

Telnet is a network protocol used to provide a bi-directional, text-oriented communication facility.

Note: Telnet is an insecure protocol and it is recommended that you use an ssh server instead.

WARNING! Installing telnet on your server opens the server to unencrypted communications. It’s not recommended to use telnet; use Secure Shell (SSH).

Telnet Server installation

In Debian/Ubuntu
user@techinx$ sudo apt-get install telnetd
In Fedora/Red Hat
root@techinx# yum install telnet-server telnet xinetd

Configure telnet server (turn on telnet server)

If you are using Red Hat / Fedora Linux
The configuration file for telnet is /etc/xinetd.d/telnet. To enable the telnet server, open this file and change the line that reads disable = yes so that it reads disable = no.
Alternatively,
root@techinx# chkconfig telnet on
To start the telnet server, type the command:
root@techinx# /etc/init.d/xinetd restart

How to enable root login from telnet server

Edit the /etc/securetty file. At the end of the file, add pts/0 to enable one telnet session for root. If you need to open more telnet sessions for root, add more entries: pts/1, pts/2 and so on.

Restart the services and you are done!

Is Big G Revamping its logo?

Is Big G (Google) revamping its logo? Hints appear in the new Chrome beta for Android. Here is the comparison image for the old and the hinted logo.

Hinted New logo for Google


 

© 2017 My techbook
